def test_resource_count_filter_validation(self):
# Bad `op`
f = {
'type': 'value',
'value_type': 'resource_count',
'op': 'regex',
'value': 1,
}
self.assertRaises(
base_filters.FilterValidationError, filters.factory(f, {}).validate)
# Bad `value`
f = {
'type': 'value',
'value_type': 'resource_count',
'op': 'eq',
'value': 'foo',
}
self.assertRaises(
base_filters.FilterValidationError, filters.factory(f, {}).validate)
# Missing `op`
f = {
'type': 'value',
'value_type': 'resource_count',
'value': 1,
}
self.assertRaises(
base_filters.FilterValidationError, filters.factory(f, {}).validate)
def test_complex_validator(self):
self.assertRaises(
PolicyValidationError,
filters.factory({"key": "xyz", "type": "value"}).validate,
)
self.assertRaises(
PolicyValidationError,
filters.factory({"value": "xyz", "type": "value"}).validate,
)
self.assertRaises(
PolicyValidationError,
filters.factory(
{"key": "xyz", "value": "xyz", "op": "oo", "type": "value"}
).validate,
)
def test_value_type(self):
sentinel = datetime.now()
value = 5
resource = {'a': 1, 'Tags': [{'Key': 'xtra', 'Value': 'hello'}]}
vf = filters.factory({'tag:ASV': 'absent'})
vf.vtype = 'size'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = 'age'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (0, sentinel))
vf.vtype = 'cidr'
sentinel = '10.0.0.0/16'
value = '10.10.10.10'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(
(str(res[0]), str(res[1])),
(sentinel, value),
)
vf.vtype = 'cidr_size'
value = '10.10.10.300'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = 'expr'
value = 'tag:xtra'
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 'hello'))
vf.vtype = 'expr'
value = 'a'
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 1))
def test_less_than(self):
f = filters.factory(
{"type": "value", "key": "Number", "value": 10, "op": "less-than"}
)
self.assertEqual(f(instance(Number=9)), True)
self.assertEqual(f(instance(Number=11)), False)
self.assertEqual(f(instance(Number=10)), False)
def test_or(self):
f = filters.factory(
{"or": [{"Architecture": "x86_64"}, {"Architecture": "armv8"}]}
)
results = [instance(Architecture="x86_64")]
self.assertEqual(f.process(results), results)
self.assertEqual(f.process([instance(Architecture="amd64")]), [])
def test_not_break_empty_set(self):
results = [
instance(Architecture="x86_64", Color="green")]
f = filters.factory({"not": [{"Architecture": "amd64"}]})
class Manager(object):
class resource_type(object):
id = 'Color'
@classmethod
def get_model(cls):
return cls.resource_type
class FakeFilter(object):
def __init__(self):
self.invoked = False
def process(self, resources, event=None):
self.invoked = True
return resources
fake = FakeFilter()
f.filters.append(fake)
f.manager = Manager()
self.assertEqual(len(f.process(results)), 1)
self.assertFalse(fake.invoked)
def test_regex_validate(self):
self.assertRaises(
PolicyValidationError,
filters.factory(
{"type": "value", "key": "Color", "value": "*green", "op": "regex"}
).validate,
)
def test_value_type(self):
sentinel = datetime.now()
value = 5
resource = {"a": 1, "Tags": [{"Key": "xtra", "Value": "hello"}]}
vf = filters.factory({"tag:ASV": "absent"})
vf.vtype = "size"
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = "cidr"
sentinel = "10.0.0.0/16"
value = "10.10.10.10"
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual((str(res[0]), str(res[1])), (sentinel, value))
vf.vtype = "cidr_size"
value = "10.10.10.300"
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = "expr"
value = "tag:xtra"
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, "hello"))
vf.vtype = "expr"
value = "a"
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 1))
vf.vtype = "unique_size"
value = [1, 2, 3, 1, 5]
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 4))
def test_event_filter(self):
event = event_data('event-instance-state.json')
f = {'type': 'event',
'key': 'detail.state',
'value': 'pending'}
self.assertTrue(filters.factory(f).process(
[instance()], event))
def test_regex_validate(self):
self.assertRaises(
base_filters.FilterValidationError,
filters.factory({
'type': 'value',
'key': 'Color',
'value': '*green',
'op': 'regex'}).validate)
def test_event_no_mode(self):
b = Bag(data={'resource': 'something'})
f = {'type': 'event',
'key': 'detail.state',
'value': 'pending'}
f = filters.factory(f, b)
self.assertRaises(
base_filters.FilterValidationError, f.validate)
def test_regex_match(self):
f = filters.factory(
{"type": "value", "key": "Color", "value": ".*green.*", "op": "regex"}
)
self.assertEqual(f(instance(Architecture="x86_64", Color="green papaya")), True)
self.assertEqual(f(instance(Architecture="x86_64", Color="blue")), False)
self.assertEqual(f(instance(Architecture="x86_64")), False)
def test_regex_case_sensitive_match(self):
f = filters.factory(
{"type": "value", "key": "Color", "value": ".*GREEN.*", "op": "regex-case"}
)
self.assertEqual(f(instance(Architecture="x86_64", Color="GREEN papaya")), True)
self.assertEqual(f(instance(Architecture="x86_64", Color="green papaya")), False)
self.assertEqual(f(instance(Architecture="x86_64")), False)
def test_not(self):
results = [
instance(Architecture="x86_64", Color="green"),
instance(Architecture="x86_64", Color="blue"),
instance(Architecture="x86_64", Color="yellow"),
]
f = filters.factory({"not": [{"Architecture": "x86_64"}, {"Color": "green"}]})
self.assertEqual(len(f.process(results)), 2)
def test_event_filter(self):
b = Bag(data={"mode": []})
event = event_data("event-instance-state.json")
f = {"type": "event", "key": "detail.state", "value": "pending"}
ef = filters.factory(f, b)
self.assertTrue(ef.process([instance()], event))
# event is None
self.assertEqual(ef.process("resources"), "resources")
# event is not None, but is not "true" either
self.assertEqual(ef.process("resources", []), [])
def test_or(self):
f = filters.factory({
'or': [
{'Architecture': 'x86_64'},
{'Architecture': 'armv8'}]})
self.assertEqual(
f(instance(Architecture='x86_64')),
True)
self.assertEqual(
f(instance(Architecture='amd64')),
False)
def test_value_match(self):
resource = {"a": 1, "Tags": [{"Key": "xtra", "Value": "hello"}]}
vf = filters.factory({"type": "value", "value": None, "key": "tag:xtra"})
self.assertFalse(hasattr(vf, "content_initialized"))
self.assertEqual(vf.v, None)
res = vf.match(resource)
self.assertTrue(vf.content_initialized)
self.assertEqual(vf.v, None)
self.assertFalse(res)
def test_intersect(self):
f = filters.factory(
{
"type": "value",
"key": "Thing",
"value": ["A", "B", "C"],
"op": "intersect",
}
)
self.assertEqual(f(instance(Thing=["D", "E", "F"])), False)
self.assertEqual(f(instance(Thing=["C", "D", "E"])), True)
def test_resource_count_filter(self):
fdata = {
"type": "value", "value_type": "resource_count", "op": "lt", "value": 2
}
self.assertFilter(fdata, instance(file="ec2-instances.json"), [])
f = filters.factory(
{"type": "value", "value_type": "resource_count", "op": "eq", "value": 2}
)
i = instance(file="ec2-instances.json")
self.assertEqual(i, f(i))
def assertFilter(self, f, i, v):
"""
f: filter data/spec
i: instance
v: expected value (true/false)
"""
try:
self.assertEqual(filters.factory(f)(i), v)
except AssertionError:
print(f, i["LaunchTime"], i["Tags"], v)
raise
def test_resource_count_filter_validation(self):
# Bad `op`
f = {"type": "value", "value_type": "resource_count", "op": "regex", "value": 1}
self.assertRaises(
PolicyValidationError, filters.factory(f, {}).validate
)
# Bad `value`
f = {
"type": "value", "value_type": "resource_count", "op": "eq", "value": "foo"
}
self.assertRaises(
PolicyValidationError, filters.factory(f, {}).validate
)
# Missing `op`
f = {"type": "value", "value_type": "resource_count", "value": 1}
self.assertRaises(
PolicyValidationError, filters.factory(f, {}).validate
)
def test_not_in(self):
f = filters.factory(
{
"type": "value",
"key": "Thing",
"value": ["Foo", "Bar", "Quux"],
"op": "not-in",
}
)
self.assertEqual(f(instance(Thing="Baz")), True)
self.assertEqual(f(instance(Thing="Foo")), False)
def test_not_in(self):
f = filters.factory(
{'type': 'value',
'key': 'Thing',
'value': ['Foo', 'Bar', 'Quux'],
'op': 'not-in'})
self.assertEqual(
f(instance(Thing='Baz')),
True)
self.assertEqual(
f(instance(Thing='Foo')),
False)
def test_or(self):
f = filters.factory({
'or': [
{'Architecture': 'x86_64'},
{'Architecture': 'armv8'}]})
results = [instance(Architecture='x86_64')]
self.assertEqual(
f.process(results),
results)
self.assertEqual(
f.process([instance(Architecture='amd64')]),
[])
def test_not_equal(self):
f = filters.factory(
{'type': 'value',
'key': 'Color',
'value': 'green',
'op': 'not-equal'})
self.assertEqual(
f(instance(Color='green')),
False)
self.assertEqual(
f(instance(Color='blue')),
True)
def test_event_filter(self):
b = Bag(data={'mode': []})
event = event_data('event-instance-state.json')
f = {'type': 'event',
'key': 'detail.state',
'value': 'pending'}
ef = filters.factory(f, b)
self.assertTrue(ef.process(
[instance()], event))
# event is None
self.assertEqual(ef.process('resources'), 'resources')
# event is not None, but is not "true" either
self.assertEqual(ef.process('resources', []), [])
def test_group_regex_date_asc(self):
resources = self.instances()
f = filters.factory({
"type": "reduce",
"group-by": {
"key": "Date",
"value_type": "date",
"value_regex": "([0-9]{4}-[0-9]{2}-[0-9]{2}).*"
},
"limit": 1
})
f.validate()
rs = f.process(resources)
self.assertEqual([r['InstanceId'] for r in rs], ['C', 'A'])
def test_reverse(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"order": "reverse",
}
)
rs = f.process(resources)
self.assertEqual(len(rs), len(resources))
self.assertEqual(
[r['InstanceId'] for r in rs],
[r['InstanceId'] for r in resources[::-1]]
)
def test_group_sort_limit(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"group-by": "Group",
"sort-by": "Foo",
"order": "desc",
"limit": 1,
}
)
rs = f.process(resources)
self.assertEqual(len(rs), 3)
self.assertEqual([r['InstanceId'] for r in rs], ['F', 'E', 'D'])
def test_group_regex_date_desc_null_first(self):
resources = self.instances()
f = filters.factory({
"type": "reduce",
"group-by": {
"key": "Date",
"value_type": "date",
"value_regex": "([0-9]{4}[/-][0-9]{2}[/-][0-9]{2}).*",
},
"order": "desc",
"null-order": "first",
"limit": 1
})
rs = f.process(resources)
self.assertEqual([r['InstanceId'] for r in rs], ['D', 'B', 'C', 'A'])
def test_value_match(self):
resource = {"a": 1, "Tags": [{"Key": "xtra", "Value": "hello"}]}
vf = filters.factory({
"type": "value",
"value": None,
"key": "tag:xtra"
})
self.assertFalse(hasattr(vf, "content_initialized"))
self.assertEqual(vf.v, None)
res = vf.match(resource)
self.assertTrue(vf.content_initialized)
self.assertEqual(vf.v, None)
self.assertFalse(res)
def test_not(self):
results = [
instance(Architecture='x86_64', Color='green'),
instance(Architecture='x86_64', Color='blue'),
instance(Architecture='x86_64', Color='yellow'),
]
f = filters.factory({
'not': [
{'Architecture': 'x86_64'},
{'Color': 'green'}]})
self.assertEqual(len(f.process(results)), 2)
"""
def test_randomize(self):
resources = self.instances()
f = filters.factory({
"type": "reduce",
"order": "randomize",
})
# Set the rand seed to ensure that the random sets aren't accidentally
# the same.
random.seed(1234)
rs1 = f.process(resources)
rs2 = f.process(resources)
self.assertEqual(len(rs1), len(resources))
self.assertEqual(len(rs2), len(resources))
self.assertNotEqual([r['InstanceId'] for r in rs1],
[r['InstanceId'] for r in rs2])
def test_less_than(self):
f = filters.factory(
{'type': 'value',
'key': 'Number',
'value': 10,
'op': 'less-than'})
self.assertEqual(
f(instance(Number=9)),
True)
self.assertEqual(
f(instance(Number=11)),
False)
self.assertEqual(
f(instance(Number=10)),
False)
def test_not(self):
results = [
instance(Architecture="x86_64", Color="green"),
instance(Architecture="x86_64", Color="blue"),
instance(Architecture="x86_64", Color="yellow"),
]
f = filters.factory(
{"not": [{
"Architecture": "x86_64"
}, {
"Color": "green"
}]})
self.assertEqual(len(f.process(results)), 2)
def test_not(self):
results = [
instance(Architecture='x86_64', Color='green'),
instance(Architecture='x86_64', Color='blue'),
instance(Architecture='x86_64', Color='yellow'),
]
f = filters.factory(
{'not': [{
'Architecture': 'x86_64'
}, {
'Color': 'green'
}]})
self.assertEqual(len(f.process(results)), 2)
def test_resource_count_filter_validation(self):
# Bad `op`
f = {
"type": "value",
"value_type": "resource_count",
"op": "regex",
"value": 1
}
self.assertRaises(PolicyValidationError,
filters.factory(f, {}).validate)
# Bad `value`
f = {
"type": "value",
"value_type": "resource_count",
"op": "eq",
"value": "foo"
}
self.assertRaises(PolicyValidationError,
filters.factory(f, {}).validate)
# Missing `op`
f = {"type": "value", "value_type": "resource_count", "value": 1}
self.assertRaises(PolicyValidationError,
filters.factory(f, {}).validate)
# Unexpected `value_regex`
f = {
"type": "value",
"value_type": "resource_count",
"op": "eq",
"value": "foo",
"value_regex": "([0-7]{3,7})"
}
self.assertRaises(PolicyValidationError,
filters.factory(f, {}).validate)
def test_group_string(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"group-by": "Bar",
"limit": 1,
}
)
rs = f.process(resources)
self.assertEqual(len(rs), 4)
self.assertEqual(
[r['InstanceId'] for r in rs],
['B', 'E', 'A', 'C']
)
def test_regex_match(self):
f = filters.factory(
{'type': 'value',
'key': 'Color',
'value': '*green*',
'op': 'glob'})
self.assertEqual(
f(instance(
Architecture='x86_64',
Color='mighty green papaya')),
True)
self.assertEqual(
f(instance(
Architecture='x86_64',
Color='blue')),
False)
def test_regex_match(self):
f = filters.factory(
{'type': 'value',
'key': 'Color',
'value': '*green*',
'op': 'glob'})
self.assertEqual(
f(instance(
Architecture='x86_64',
Color='mighty green papaya')),
True)
self.assertEqual(
f(instance(
Architecture='x86_64',
Color='blue')),
False)
def test_randomize(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"order": "randomize",
}
)
rs1 = f.process(resources)
rs2 = f.process(resources)
self.assertEqual(len(rs1), len(resources))
self.assertEqual(len(rs2), len(resources))
self.assertNotEqual(
[r['InstanceId'] for r in rs1],
[r['InstanceId'] for r in rs2]
)
def test_sort_date(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"sort-by": {
"key": "Date",
"value_type": "date"
}
}
)
rs = f.process(resources)
self.assertEqual(
[r['InstanceId'] for r in rs],
['A', 'C', 'B', 'D', 'E', 'F']
)
def test_resource_count_filter(self):
fdata = {
'type': 'value',
'value_type': 'resource_count',
'op': 'lt',
'value': 2
}
self.assertFilter(fdata, instance(file='ec2-instances.json'), [])
f = filters.factory({
'type': 'value',
'value_type': 'resource_count',
'op': 'eq',
'value': 2
})
i = instance(file='ec2-instances.json')
self.assertEqual(i, f(i))
def test_resource_count_filter(self):
fdata = {
"type": "value",
"value_type": "resource_count",
"op": "lt",
"value": 2
}
self.assertFilter(fdata, instance(file="ec2-instances.json"), [])
f = filters.factory({
"type": "value",
"value_type": "resource_count",
"op": "eq",
"value": 2
})
i = instance(file="ec2-instances.json")
self.assertEqual(i, f(i))
def test_group_number(self):
resources = self.instances()
f = filters.factory(
{
"type": "reduce",
"group-by": {
"key": "Bar",
"value_type": "number"
},
"limit": 1
}
)
rs = f.process(resources)
self.assertEqual(
[r['InstanceId'] for r in rs],
['B', 'A', 'E', 'C']
)
def test_resource_count_filter(self):
fdata = {
'type': 'value',
'value_type': 'resource_count',
'op': 'lt',
'value': 2
}
self.assertFilter(fdata, instance(file='ec2-instances.json'), [])
f = filters.factory({
'type': 'value',
'value_type': 'resource_count',
'op': 'eq',
'value': 2
})
i = instance(file='ec2-instances.json')
self.assertEqual(i, f(i))
def test_and(self):
f = filters.factory({
'and': [
{'Architecture': 'x86_64'},
{'Color': 'green'}]})
results = [instance(Architecture='x86_64', Color='green')]
self.assertEqual(
f.process(results),
results)
self.assertEqual(
f.process([
instance(
Architecture='x86_64',
Color='blue')]),
[])
self.assertEqual(
f.process([
instance(
Architecture='x86_64')]),
[])
def test_value_type(self):
sentinel = datetime.now()
value = 5
vf = filters.factory({'tag:ASV': 'absent'})
vf.vtype = 'size'
res = vf.process_value_type(sentinel, value)
self.assertEqual(res, (sentinel, 0))
vf.vtype = 'age'
res = vf.process_value_type(sentinel, value)
self.assertEqual(res, (0, sentinel))
vf.vtype = 'cidr'
sentinel = '10.0.0.0/16'
value = '10.10.10.10'
res = vf.process_value_type(sentinel, value)
self.assertEqual(
(str(res[0]), str(res[1])),
(sentinel, value),
)
vf.vtype = 'cidr_size'
value = '10.10.10.300'
res = vf.process_value_type(sentinel, value)
self.assertEqual(res, (sentinel, 0))
def test_value_type(self):
sentinel = datetime.now()
value = 5
resource = {'a': 1, 'Tags': [{'Key': 'xtra', 'Value': 'hello'}]}
vf = filters.factory({'tag:ASV': 'absent'})
vf.vtype = 'size'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = 'cidr'
sentinel = '10.0.0.0/16'
value = '10.10.10.10'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(
(str(res[0]), str(res[1])),
(sentinel, value),
)
vf.vtype = 'cidr_size'
value = '10.10.10.300'
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (sentinel, 0))
vf.vtype = 'expr'
value = 'tag:xtra'
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 'hello'))
vf.vtype = 'expr'
value = 'a'
sentinel = None
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 1))
vf.vtype = 'unique_size'
value = [1, 2, 3, 1, 5]
res = vf.process_value_type(sentinel, value, resource)
self.assertEqual(res, (None, 4))
def test_contains(self):
f = filters.factory(
{"type": "value", "key": "Thing", "value": "D", "op": "contains"}
)
self.assertEqual(f(instance(Thing=["A", "B", "C"])), False)
self.assertEqual(f(instance(Thing=["D", "E", "F"])), True)
def test_event_no_mode(self):
b = Bag(data={'resource': 'something'})
f = {'type': 'event', 'key': 'detail.state', 'value': 'pending'}
f = filters.factory(f, b)
self.assertRaises(base_filters.FilterValidationError, f.validate)
def test_filter_construction(self):
self.assertTrue(
isinstance(filters.factory({"tag:ASV": "absent"}), base_filters.ValueFilter)
)
def test_event_no_mode(self):
b = Bag(data={"resource": "something"})
f = {"type": "event", "key": "detail.state", "value": "pending"}
f = filters.factory(f, b)
self.assertRaises(PolicyValidationError, f.validate)
def test_and(self):
f = filters.factory({"and": [{"Architecture": "x86_64"}, {"Color": "green"}]})
results = [instance(Architecture="x86_64", Color="green")]
self.assertEqual(f.process(results), results)
self.assertEqual(f.process([instance(Architecture="x86_64", Color="blue")]), [])
self.assertEqual(f.process([instance(Architecture="x86_64")]), [])
def test_not_equal(self):
f = filters.factory(
{"type": "value", "key": "Color", "value": "green", "op": "not-equal"}
)
self.assertEqual(f(instance(Color="green")), False)
self.assertEqual(f(instance(Color="blue")), True)
def test_lt(self):
f = filters.factory({"type": "value", "key": "Number", "value": 10, "op": "lt"})
self.assertEqual(f(instance(Number=9)), True)
self.assertEqual(f(instance(Number=11)), False)
self.assertEqual(f(instance(Number=10)), False)
def test_event_filter(self):
b = Bag(data={'mode': []})
event = event_data('event-instance-state.json')
f = {'type': 'event', 'key': 'detail.state', 'value': 'pending'}
self.assertTrue(filters.factory(f, b).process([instance()], event))